CVE-2018-1002103

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1002103

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1002103.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1002103

Aliases

Related

openSUSE-SU-2024:11051-1

Withdrawn

2024-05-15T05:33:42.937376Z

Published

2018-12-05T21:29:00Z

Modified

2024-08-20T20:58:33.372871Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem.

References

https://github.com/kubernetes/minikube/issues/3208

Affected packages

Git / github.com/kubernetes/minikube

Affected ranges

Type: GIT
Repo: https://github.com/kubernetes/minikube
Events: Introduced

5c4fd685f507c1f45c0e7ee30e45a565466dbbc3

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.12.1

v0.12.2

v0.13.0

v0.13.1

v0.14.0

v0.15.0

v0.16.0

v0.17.0

v0.17.1

v0.18.0

v0.19.0

v0.19.1

v0.20.0

v0.21.0

v0.22.0

v0.22.1

v0.22.2

v0.22.3

v0.23.0

v0.24.0

v0.24.1

v0.25.0

v0.26.0

v0.26.1

v0.27.0

v0.28.0

v0.28.1

v0.28.2

v0.29.0

v0.3.0

v0.30.0

v0.31.0

v0.32.0

v0.33.0

v0.33.1

v0.34.0

v0.34.1

v0.35.0

v0.4.0

v0.5.0

v0.7.1

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.0.1

v1.1.0

v1.1.1

v1.10.0

v1.10.0-beta.0

v1.10.0-beta.1

v1.10.0-beta.2

v1.10.1

v1.11.0

v1.12.0

v1.12.0-beta.0

v1.12.0-beta.1

v1.12.1

v1.12.2

v1.12.3

v1.13.0

v1.13.1

v1.14.0

v1.14.0-beta.0

v1.14.1

v1.14.2

v1.15.0

v1.15.1

v1.16.0

v1.16.0-beta.0

v1.17.0

v1.17.1

v1.18.0

v1.18.0-beta.0

v1.18.1

v1.19.0

v1.19.0-beta.0

v1.2.0

v1.20.0

v1.20.0-beta.0

v1.21.0

v1.21.0-beta.0

v1.22.0

v1.22.0-beta.0

v1.23.0

v1.23.1

v1.23.2

v1.24.0

v1.24.0-beta.0

v1.25.0

v1.25.1

v1.25.2

v1.26.0

v1.26.0-beta.0

v1.26.0-beta.1

v1.26.1

v1.27.0

v1.27.1

v1.28.0

v1.29.0

v1.3.0

v1.3.1

v1.30.0

v1.30.1

v1.31.0

v1.31.1

v1.31.2

v1.32.0

v1.32.0-beta.0

v1.4.0

v1.4.0-beta.0

v1.4.0-beta.1

v1.4.0-beta.2

v1.5.0

v1.5.0-beta.0

v1.5.1

v1.5.2

v1.6.0

v1.6.0-beta.0

v1.6.0-beta.1

v1.6.1

v1.6.2

v1.7.0

v1.7.0-beta.0

v1.7.0-beta.1

v1.7.0-beta.2

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.0-beta.1

v1.9.0-beta.2

v1.9.1

v1.9.2